chillispot hotspotlogin.cgi contains # Shared secret used to encrypt challenge with. Prevents dictionary attacks. # You should change this to your own shared secret. $uamsecret = "testing123"; # Uncomment the following line if you want to use ordinary user-password # for radius authentication. Must be used together with $uamsecret. $userpassword=1; nas table
+----+-----------+-----------+------+-------+------------+-----------+-------------+ | id | nasname | shortname | type | ports | secret | community | description | +----+-----------+-----------+------+-------+------------+-----------+-------------+ | 1 | 127.0.0.1 | localhost | NULL | NULL | testing123 | NULL | NULL | +----+-----------+-----------+------+-------+------------+-----------+-------------+
radcheck table mysql> select * from radcheck; +----+----------+--------------------+----+-------+ | id | UserName | Attribute | op | Value | +----+----------+--------------------+----+-------+ | 1 | s | Cleartext-Password | := | sandy | | 2 | steve | Cleartext-Password | := | s | +----+----------+--------------------+----+-------+ 2 rows in set (0.00 sec) clients.conf client 192.168.182.1/24 { secret = testing123 shortname = private-network } nas table and clients.conf are both on radius server. You need to make testing123 secret on the portal that is sending those reqests. Ivan Kalik Kalik Informatika ISP Dana 7/4/2008, "SANDY KALUGDAN" <sandykalugdan@yahoo.com> piše:
I've checked the clients.conf and it uses testing123 as the secret. I've created a record on nas mysql> select * from nas; +----+-----------+-----------+------+-------+------------+-----------+-------------+ | id | nasname | shortname | type | ports | secret | community | description | +----+-----------+-----------+------+-------+------------+-----------+-------------+ | 1 | 127.0.0.1 | localhost | NULL | NULL | testing123 | NULL | NULL | +----+-----------+-----------+------+-------+------------+-----------+-------------+
here is a portion of the radiusd -X output
rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Login incorrect: [s/\365\010\343\323] (from client localhost port 0 cli 00-1C-A4-6F-21-10) WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> s attr_filter: Matched entry DEFAULT at line 11
----- Original Message ---- From: Ivan Kalik <tnt@kalik.net> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Sent: Monday, April 7, 2008 16:22:38 Subject: Re: Freeradius + CHAP
User-Password = "\340\334\351\234"
Shared secret in clents.conf and on the NAS is not the same.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Send instant messages to your online friends http://uk.messenger.yahoo.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Send instant messages to your online friends http://uk.messenger.yahoo.com